Message ID | 20210621202352.1250303-8-jaeckel-floss@eyet-services.de |
---|---|
State | Superseded |
Delegated to: | Tom Rini |
Series | common: Introduce crypt-style password support |
On Mon, 21 Jun 2021 at 14:24, Steffen Jaeckel <jaeckel-floss@eyet-services.de> wrote: > > In case crypt-based hashing is enabled this will be the default mechanism > that is used. If a user wants to have support for both, the environment > variable `bootstopusesha256` can be set to `true` to allow plain SHA256 > based hashing of the password. > > Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de> > --- > > (no changes since v1) > > common/Kconfig.boot | 8 ++++++++ > common/autoboot.c | 22 +++++++++++++++++++++- > 2 files changed, 29 insertions(+), 1 deletion(-) Reviewed-by: Simon Glass <sjg@chromium.org> nits below > > diff --git a/common/Kconfig.boot b/common/Kconfig.boot > index d19bc32836..b04a6c98e5 100644 > --- a/common/Kconfig.boot > +++ b/common/Kconfig.boot > @@ -834,6 +834,14 @@ config AUTOBOOT_ENCRYPTION > This provides a way to ship a secure production device which can also > be accessed at the U-Boot command line. > > +config AUTOBOOT_SHA256_FALLBACK_ENABLE Drop _ENABLE > + bool "Allow fallback from crypt-hashed password to sha256" > + depends on AUTOBOOT_ENCRYPTION && CRYPT_PW > + help > + This option adds support to fall back from crypt-hashed > + passwords to checking a SHA256 hashed password in case the > + 'bootstopusesha256' environment variable is set to 'true'. > + > config AUTOBOOT_DELAY_STR > string "Delay autobooting via specific input key / string" > depends on AUTOBOOT_KEYED && !AUTOBOOT_ENCRYPTION > diff --git a/common/autoboot.c b/common/autoboot.c > index 1eeabf0b1a..c6f550b8a7 100644 > --- a/common/autoboot.c > +++ b/common/autoboot.c 
> @@ -305,6 +305,26 @@ static void flush_stdin(void) > (void)getchar(); > } > > +/** > + * fallback_to_sha256() - check whether we should fall back to sha256 > + * password checking > + * > + * This checks for the environment variable `bootstopusesha256` in case > + * sha256-fallback has been enabled via the config setting > + * `AUTOBOOT_SHA256_FALLBACK_ENABLE`. > + * > + * @return 0 if we must not fall-back, 1 if plain sha256 should be tried false / true > + */ > +static int fallback_to_sha256(void) bool > +{ > + if (IS_ENABLED(CONFIG_AUTOBOOT_SHA256_FALLBACK_ENABLE)) > + return env_get_yesno("bootstopusesha256") == 1; > + else if (IS_ENABLED(CONFIG_CRYPT_PW)) > + return 0; false > + else > + return 1; true > +} > + > /*************************************************************************** > * Watch for 'delay' seconds for autoboot stop or autoboot delay string. > * returns: 0 - no key string, allow autoboot 1 - got key string, abort > @@ -325,7 +345,7 @@ static int abortboot_key_sequence(int bootdelay) > # endif > > if (IS_ENABLED(CONFIG_AUTOBOOT_ENCRYPTION)) { > - if (IS_ENABLED(CONFIG_CRYPT_PW)) > + if (IS_ENABLED(CONFIG_CRYPT_PW) && !fallback_to_sha256()) > abort = passwd_abort_crypt(etime); > else > abort = passwd_abort_sha256(etime); > -- > 2.31.1 > Regards, Simon
diff --git a/common/Kconfig.boot b/common/Kconfig.boot index d19bc32836..b04a6c98e5 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -834,6 +834,14 @@ config AUTOBOOT_ENCRYPTION This provides a way to ship a secure production device which can also be accessed at the U-Boot command line. +config AUTOBOOT_SHA256_FALLBACK_ENABLE + bool "Allow fallback from crypt-hashed password to sha256" + depends on AUTOBOOT_ENCRYPTION && CRYPT_PW + help + This option adds support to fall back from crypt-hashed + passwords to checking a SHA256 hashed password in case the + 'bootstopusesha256' environment variable is set to 'true'. + config AUTOBOOT_DELAY_STR string "Delay autobooting via specific input key / string" depends on AUTOBOOT_KEYED && !AUTOBOOT_ENCRYPTION diff --git a/common/autoboot.c b/common/autoboot.c index 1eeabf0b1a..c6f550b8a7 100644 --- a/common/autoboot.c +++ b/common/autoboot.c @@ -305,6 +305,26 @@ static void flush_stdin(void) (void)getchar(); } +/** + * fallback_to_sha256() - check whether we should fall back to sha256 + * password checking + * + * This checks for the environment variable `bootstopusesha256` in case + * sha256-fallback has been enabled via the config setting + * `AUTOBOOT_SHA256_FALLBACK_ENABLE`. + * + * @return 0 if we must not fall-back, 1 if plain sha256 should be tried + */ +static int fallback_to_sha256(void) +{ + if (IS_ENABLED(CONFIG_AUTOBOOT_SHA256_FALLBACK_ENABLE)) + return env_get_yesno("bootstopusesha256") == 1; + else if (IS_ENABLED(CONFIG_CRYPT_PW)) + return 0; + else + return 1; +} + /*************************************************************************** * Watch for 'delay' seconds for autoboot stop or autoboot delay string. * returns: 0 - no key string, allow autoboot 1 - got key string, abort 
@@ -325,7 +345,7 @@ static int abortboot_key_sequence(int bootdelay) # endif if (IS_ENABLED(CONFIG_AUTOBOOT_ENCRYPTION)) { - if (IS_ENABLED(CONFIG_CRYPT_PW)) + if (IS_ENABLED(CONFIG_CRYPT_PW) && !fallback_to_sha256()) abort = passwd_abort_crypt(etime); else abort = passwd_abort_sha256(etime);
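Review bot: the help text for AUTOBOOT_SHA256_FALLBACK_ENABLE in common/Kconfig.boot does not say that, with this option on, the password mechanism is chosen at run time from the environment. Anything able to set `bootstopusesha256` moves the check from passwd_abort_crypt() to passwd_abort_sha256(), so the help should state this and recommend the option only where the environment is write-protected or otherwise trusted. The help also names the value 'true', while the code tests `env_get_yesno("bootstopusesha256") == 1`, which is not limited to that literal string; the two should describe the accepted values the same way.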
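Review bot: the last two branches of fallback_to_sha256() in common/autoboot.c are redundant. AUTOBOOT_SHA256_FALLBACK_ENABLE depends on CRYPT_PW, and the only caller in this patch evaluates `IS_ENABLED(CONFIG_CRYPT_PW)` before calling the function, so the final `else return 1;` cannot change the outcome. The body can be a single return of `IS_ENABLED(CONFIG_AUTOBOOT_SHA256_FALLBACK_ENABLE) && env_get_yesno("bootstopusesha256") == 1`, which also removes the `else` after `return`. The kernel-doc comment should add that an unset variable means no fallback.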
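Review bot: the name fallback_to_sha256() and the commit message ("support for both") promise more than the condition in abortboot_key_sequence() delivers. `IS_ENABLED(CONFIG_CRYPT_PW) && !fallback_to_sha256()` picks exactly one check, so once `bootstopusesha256` is set passwd_abort_crypt() is never called and a crypt-hashed password is no longer tested at all. Either document this as a switch between the two mechanisms (in the function comment, the Kconfig help and the commit message), or, if a real fallback is intended, say which check runs first and what happens when it fails.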
In case crypt-based hashing is enabled this will be the default mechanism that is used. If a user wants to have support for both, the environment variable `bootstopusesha256` can be set to `true` to allow plain SHA256 based hashing of the password. Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de> --- (no changes since v1) common/Kconfig.boot | 8 ++++++++ common/autoboot.c | 22 +++++++++++++++++++++- 2 files changed, 29 insertions(+), 1 deletion(-)